WebSphere Message Broker Fix Pack 220.127.116.11 has been released.
The issues reported on the withdrawn Fix Pack 18.104.22.168 has been addressed.
August 13, 2007 • 11:33 0
June 27, 2007 • 11:10 0
Today a new release of the IH03: WebSphere Message Broker V6-Message display, test & performance utilities support pack was released (more commonly known as RFHUTIL).
The most interesting and important feature for me in my day to day work was the introcuced SSL capabilities. RFHUTIL now works as you would expect from a native WebSPhere MQ client application, reading the MQSSLKEYR environment variable to locate the keystore.
I used a script like this to connect to a remote queue manager using a server connection channel with a NULL_SHA SSL configuration:
The keystore is named key.kdb and is stored together with stash and the other related files in the c:\ih03\ssl\ folder.
I used these settings in the “Set Connection User Id” dialog (click the Set Conn Id button to open):
Be sure to select the correct settings from the Queue Manager Name drop-down list.
This will enable the usage of IH03 in in environments with SSL security requirements, a really good thing!
June 25, 2007 • 16:15 0
A couple of fixpacks ago I tested to connect to a remote queue manager sing a SSL configured server connection channel. Then things didn’t work out that well, but now a couple of refresh/fixpacks later everything wors much better.
To start with I must say that I don’t really fancy the way SSL is enabled from the WMQ Explorer point of view. The keystore parts of the configuration is ok but to connect to a queue manager using SSL you need to provide the WMQ Explorer with client channel definition table (CCDT).
For those of you not familiar with CCDT: it’s basically a binary format where an MQ server can store it’s client connections. Client connections in turn is data needed to connect to a queue manager in a client mode (includes parameters as connection, ssl etc). The CCDT file can be distributed to clients who can use it as the basis for their connection. As the CCDT file is binary there is no easy way to create it by hand. Running runmqsc on a WebSphere MQ server box will make it possible to create the CCDT but that is a bit heavy-weight in my opinion. The best aproach I’ve found so far is to use the MO72: MQSC Client for WebSphere MQ support pack by Paul Clarke.
MO72 has the follwing features (among others):
To create a CCDT from scratch using MO72 run the following command:
mqsc -n -t c:\AMQCLCHL.TAB
to add a client connection channel issue a define script:
DEFINE CHANNEL('CLIENTS.ADMIN') CHLTYPE(CLNTCONN) CONNAME('22.214.171.124(1414)') MAXMSGL(104857600) QMNAME('QM1') SSLCIPH('NULL_SHA') TRPTYPE(TCP) REPLACE
This CCDT assumes that there are a server connection channel named CLIENTS.ADMIN defined in the queue manager listening on port 1414 and host 126.96.36.199 with the rest of the properties in the client connection channel also defined in the server connection channel.
To gain access to the remote queue manager using SSL:
Mission accomplished, SSL now works as a charm.
But why was this implemented using CCDT’s? I can’t see any reason really. I would like to see something like a custom SSLSocketFactory implemented in WebSphere MQ Explorer making it possible to use multiple key and trust stores and easier configuration on top of that. An example of an custom SSLSocketFactory was published by Peter Broadhurst on the a Hursley view on WebSphere MQ blog a couple of months ago.
Perhaps I’ll send in a proposal/requirement to get this configuration more simple and understandable.
June 23, 2007 • 16:56 0
In a previous post of mine is promised to get back to the details of the new version of the MQMON support pack. That hasn’t happened, as you might have noticed, but luckily someone else has 😉
June 18, 2007 • 20:28 0
For those of you who don’t know that much about IS02 here’s the short-short summary:
Back in may I wrote a post on the IS02 support pack. The background story was a customer of mine who currently set up multiple message brokers (WebSphere Message Broker) in an active-active cluster utilizing WebSphere MQ workload balancing features.
From a management/tool view-point the message broker has been all but complete. I was very excited to try out the IS02 support pack as it’s a lean alternative to the all-but-lean Message Broker Toolkit.
The previous post covered the functionality of version two, the version three of IS02: WebSphere Message Broker Explorer Plug-in was released a couple of days ago and today I gave it a shot.
The conclusion is (based on a setup where the configuration manager is installed on a separate box from the eclipse platform):
So, a bit better but more need to come before this becomes really useful.
May 19, 2007 • 09:54 2
I just read about new release of MQMON or MO71: WebSphere MQ for Windows – GUI Administrator that IBM wish calling it.
The support pack can be downloaded from here.
I havn’t had the time to play around with it yet but i definitely will very soon. By looking at the new features one can find:
I’ll get back with another post on the subject as soon as I’ve had a chance to test it.